New Weak-Key Classes of IDEA
نویسندگان
چکیده
This paper presents a large collection of new weak-key classes for the IDEA cipher. The classes presented in this paper contain 2−2 weak keys (as compared with 2 differential weak keys presented by Daemen at CRYPTO’93 and 2 differential-linear weak-keys presented by Hawkes at EUROCRYPT’98). The novelty of our approach is in the use of boomerang distinguishers for the weak-key class membership test. We also show large weak-key classes for reduced-round versions of IDEA.
منابع مشابه
Differential-Linear Weak Key Classes of IDEA
Large weak key classes of IDEA are found for which membership is tested with a differential-linear test while encrypting with a single key. In particular, one in every 2'' keys for 8.5-round IDEA is weak. A related-key differential-linear attack on 4-round IDEA is presented which is successful for all keys. Large weak key classes are found for 4.5to 6.5-round and 8-round IDEA for which membersh...
متن کاملA Note on Weak Keys of PES, IDEA, and Some Extended Variants
This paper presents an analysis of the PES cipher in a similar setting as done by Daemen et al. at Crypto’93 for IDEA. The following results were obtained for 8.5 round PES: a linear weak-key class of size 2; two distinct differential weak-key classes of size 2; two differentiallinear weak-key classes of size 2. For 17-round PES (double-PES): a linear weak-key class of size 2, and a differentia...
متن کاملWeak Keys for IDEA
Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [2]. IDEA has a 128bit key and encrypts blocks of 64 bits. For a class of 2 keys IDEA exhibits a linear factor. For a certain class of 2 keys the cipher has a global characteristic with probability 1. For another class of 2 keys only two encryptions and solving a set of 16 nonlinear boolean ...
متن کاملBlock Ciphers Based on Modular Arithmetic
The block ciphers PES and IPES were originally designed with the ambition to become the successor of DES as a standard. In this paper we point out why this would be a bad idea. On one hand a new block cipher (called MMB) is proposed, that uses similar primitive operations as (I)PES but can be more efficiently implemented both in hardware and in software. On the other hand classes of weak keys (...
متن کاملGeneralized Classes of Weak Keys on RC4 Using Predictive State
Conventional class of weak keys on RC4 stream cipher is defined as a specific case that combinations of the first three bytes of secret key satisfy two relational equations. This paper expands and generalizes the classes of weak keys using generalized relational equations and special classes of the internal state (called predictive state). We derive the probability that generalized classes of w...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2002